A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1) [X] Responsive to communication(s) filed on 2/22/2010. 
2a) [ ] This action is FINAL. 2b) [X] This action is non-final. 

3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213. 

Disposition of Claims 

4) [X] Claim(s) 8-14 and 21-28 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) [ ] Claim(s) is/are allowed. 

6) [X] Claim(s) 8-14 and 21-28 is/are rejected. 

7) [ ] Claim(s) is/are objected to. 

8) [ ] Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) [ ] The specification is objected to by the Examiner. 

10) [ ] The drawing(s) filed on is/are: a) [ ] accepted or b) [ ] objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

1. [ ] Certified copies of the priority documents have been received. 

2. [ ] Certified copies of the priority documents have been received in Application No. . 

3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
DETAILED ACTION 

Continued Examination Under 37 CFR 1.114 

A request for continued examination under 37 CFR 1.114, including the fee set forth in 
37 CFR 1.17(e), was filed in this application after final rejection. Since this application is 
eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) 
has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 
37 CFR 1.114. Applicant's submission filed on 2/3/2010 has been entered. 

Response to Amendment 
Claims 8-14 and 21-28 are currently pending. Claims 8 and 21 have been amended and 
claim 29 is now cancelled. 

Response to Arguments 

Applicant's arguments with respect to claims 8-14 and 21-28 have been considered but 
are moot in view of the new ground(s) of rejection. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 
Claims 8-14 and 21-28 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
U.S. Patent Application Publication Number 2008/0134286 by Amdur et al. in view of U.S. 
Patent Number 6,072,875 to Tsudik and U.S. Patent Number 5,774,551 to Wu et al. 

As to claim 8, Amdur teaches a method implemented in a computer-readable medium and 
for executing on a proxy server (Fig. 3 embodiment) the method for policy and attribute based 
access to a resource, comprising: receiving, at the proxy server, a session request for access to a 
resource, wherein the session request is sent from a service and includes alias identity 
information for a principal (paragraph 94, the user's login name is considered the alias or 
alternatively the biometric data in paragraph 188 can be considered an alias), wherein the alias 
identity information includes a password and a principal identification (paragraph 188 mentions 
a password and identification); mapping, by the proxy server, the alias identity information to 
identity information of the principal, the identity information associated with the true identity of 
the principal whereas the alias identity information is the password and the principal 
identification and the identity information and the true identity of the principal available to the 
proxy server but not the service or the resource (paragraphs 95-96); authenticating, by the proxy 
server, the identity information; acquiring, by the proxy server, a service contract for the 
principal, the service, and the resource, obtaining the service contract selective resource access 
policies and attributes which are permissibly used by the service when accessing the resource on 
behalf of the principal (paragraphs 95-96); defining, via the service contract, a tripartite 
relationship among the principal, the service, and the resource, the service contract is derived 
from an identity configuration of the principal (paragraph 140); and establishing, by the proxy 
server, a session with the service, wherein the session is controlled by the service contract 
(paragraphs 95-96); however Amdur does not explicitly teach alias information that is randomly 
generated from identity information that identifies the true identity of the principal nor does 
Amdur explicitly teach the claimed security strictures. 

Tsudik teaches a method wherein alias information that is randomly generated from 
identity information that identifies the true identity of the principal (see abstract and 
corresponding disclosure. The encrypted identifier and password are considered randomized). 

Wu teaches a service contract including security strictures for the tripartite relationship 
including the selective resource access policies and the attributes, the access policies define 
operations that the service can perform on behalf of the principal against the resource and those 
access policies map to attributes, the attributes define specific data fields defined within the 
resource (col. 16, line 54-col. 17, line 15). 

It would have been obvious to one of ordinary skill in the Computer Networking art at the 
time of the invention to combine the teachings of Amdur regarding using a proxy to authenticate 
users with the teachings of Tsudik regarding randomized alias identification because such 
randomization prevents an intruder from detecting a user's identity or moves through the network. 

It would have been obvious to one of ordinary skill in the Computer Networking art at the 
time of the invention to combine the teachings of the Amdur-Tsudik combination regarding 
using a proxy to authenticate users and randomized alias identification with the teachings of Wu 
regarding the claimed security strictures because Wu relates to methods and systems for 
managing user access to networked computers (Wu, col. 1, lines 7-13) such as those taught by 
Amdur and Tsudik. Combining Amdur, Tsudik, and Wu in the claimed manner would 
produce a predictable result as all three references deal with the field of security and the 
combination would not require any substantial modifications in order to be viable. 

As to claim 9, Amdur teaches the method of claim 8 further comprising accessing an 
identity configuration for the principal in order to acquire the selective resource access policies 
and attributes included within the service contract (paragraph 96). 

As to claim 10, Amdur teaches the method of claim 8 further comprising denying access 
attempts made by the service during the session when the access attempts are not included within 
the service contract (paragraphs 95-96). 

As to claim 11, Amdur teaches the method of claim 8 further comprising terminating the 
session when an event is detected that indicates the service contract is compromised or has 
expired (paragraphs 198-199). 

As to claim 12, Amdur teaches the method of claim 8 further comprising establishing the 
service contract with the principal prior to receiving the session request (paragraphs 95-96). 

As to claim 13, Amdur teaches the method of claim 12 further comprising reusing the 
service contract to establish one or more additional sessions with the service, wherein the one or 
more additional sessions are associated with one or more additional session requests made by the 
service (paragraphs 93-96). 

As to claim 14, Amdur teaches the method of claim 12 wherein the establishing further 
includes establishing the service contract with the principal in response to a redirection operation 
performed by a proxy that intercepts a browser request issued from the principal to the service 
for purposes of accessing the resource (paragraph 88). 

Claim 21 is rejected for the same reasoning as claim 8. 
As to claim 22, Amdur teaches the policy and attribute based resource session manager of 
claim 21 having instructions further comprising, permitting the service to indirectly access an 
identity store which represents the resource, and wherein the identity store includes secure 
information related to the principal (paragraphs 95-96). 

As to claim 23, Amdur teaches the policy and attribute based resource session manager of 
claim 21 having instructions further comprising terminating the session when the service contract 
expires or is compromised (paragraphs 198-199). 

As to claim 24, Amdur teaches the policy and attribute based resource session manager of 
claim 21, wherein the requesting of the mapping further includes interacting with an alias 
translator (paragraphs 95-96). 

As to claim 25, Amdur teaches the policy and attribute based resource session manager of 
claim 21, wherein the requesting of authentication further includes interacting with an 
identification authenticator (paragraphs 95-96). 

As to claim 26, Amdur teaches the policy and attribute based resource session manager of 
claim 21 having instructions further comprising managing the session by acting as an 
intermediary between the service and a legacy Lightweight Directory Access Protocol (LDAP) 
application which has access privileges to the resource (paragraphs 97-103). 

As to claim 27, Amdur teaches the policy and attribute based resource session manager of 
claim 26, wherein the receiving further includes intercepting a session request that is issued from 
the service for the legacy LDAP application, wherein the session request includes the alias 
identity information (paragraphs 97-103). 
As to claim 28, Amdur teaches the policy and attribute based resource session manager of 
claim 27 having instructions further comprising managing the session with respect to the service 
as if the policy based resource session manager were the legacy LDAP application (paragraphs 
97-103). 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to DOUGLAS B. BLAIR whose telephone number is (571) 272-3893. 
The examiner can normally be reached on 9:00am-5:30pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Saleh Najjar can be reached on (571) 272-4006. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 